#!/bin/bash
###############################################################################
#                                                                             #
# IPFire.org - A linux based firewall                                         #
# Copyright (C) 2012 IPFire Network Development Team                          #
#                                                                             #
# This program is free software: you can redistribute it and/or modify        #
# it under the terms of the GNU General Public License as published by        #
# the Free Software Foundation, either version 3 of the License, or           #
# (at your option) any later version.                                         #
#                                                                             #
# This program is distributed in the hope that it will be useful,             #
# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the                #
# GNU General Public License for more details.                                #
#                                                                             #
# You should have received a copy of the GNU General Public License           #
# along with this program. If not, see <http://www.gnu.org/licenses/>.        #
#                                                                             #
###############################################################################

# Constants and default settings for the firewall scripts. Everything here is
# a plain global assignment; nothing is created on disk by this file.

# Directory in which the iptables ruleset gets generated. It is deliberately
# empty at this point and has to be filled in before any ruleset is written.
# NOTE(review): the code that sets this is not visible here; it should create
# the directory with mktemp -d (not a fixed name) so the ruleset cannot be
# pre-seeded or replaced by another local user. Confirm at the call site.
IPTABLES_TMPDIR=""

# Locations of the firewall configuration.
FIREWALL_CONFIG_DIR="/etc/firewall"
FIREWALL_ZONES_DIR="$FIREWALL_CONFIG_DIR/zones"
FIREWALL4_CONFIG_FILE="$FIREWALL_CONFIG_DIR/config4"
FIREWALL6_CONFIG_FILE="$FIREWALL_CONFIG_DIR/config6"
FIREWALL_CONFIG_RULES="$FIREWALL_CONFIG_DIR/rules"

# Space-separated list of macro directories: the one below the configuration
# directory comes first, the system-wide one second.
FIREWALL_MACROS_DIRS="$FIREWALL_CONFIG_DIR/macros /usr/share/firewall/macros"

# Names of the settings that are saved in the configuration file. The list
# starts out empty and every setting below appends its own name, so the
# resulting string is space-separated and begins with a space.
FIREWALL_CONFIG_PARAMS=""

# Keys that are accepted in the rules file.
FIREWALL_RULES_CONFIG_PARAMS="src dst proto action sport dport in out"

# Default logging method, either nflog or syslog.
FIREWALL_LOG_METHOD="nflog"
FIREWALL_CONFIG_PARAMS+=" FIREWALL_LOG_METHOD"

# Default threshold used with the nflog logging method.
FIREWALL_NFLOG_THRESHOLD=30
FIREWALL_CONFIG_PARAMS+=" FIREWALL_NFLOG_THRESHOLD"

# MSS clamping for braindead ISPs which filter ICMP packets (that filtering
# breaks path MTU discovery). Switched off by default.
FIREWALL_CLAMP_PATH_MTU="false"
FIREWALL_CONFIG_PARAMS+=" FIREWALL_CLAMP_PATH_MTU"

# The IPv4 and IPv6 parameter lists both start as a copy of the common list.
FIREWALL4_CONFIG_PARAMS="$FIREWALL_CONFIG_PARAMS"
FIREWALL6_CONFIG_PARAMS="$FIREWALL_CONFIG_PARAMS"

# Protocols the firewall supports, and the subset of them that has ports.
FIREWALL_SUPPORTED_PROTOCOLS="tcp udp icmp igmp esp ah gre"
FIREWALL_PROTOCOLS_SUPPORTING_PORTS="tcp udp"

# Settings that exist per firewall zone.
FIREWALL_ZONE_SETTINGS="FRIEND_ZONES MASQUERADE4"

# Defaults for the zone settings: IPv4 masquerading is off unless a zone
# enables it.
FIREWALL_ZONE_SETTINGS_MASQUERADE4="false"